Re: Domain server authentication bluez

David W. Wilson wrote:
> I’m an old UNIX guy in a Windows IT role these days, and I’m slogging
> through the process of getting Tortoise SVN working with Collabnet SVN
> Server (Apache option) with Windows XP server and clients and domain
> server authentication. I think I have the server set up right for domain
> server authentication, using mod_auth_sspi.so and all, but TortoiseSVN
> is being obstinate.
>
> My SVN repository is at http://legolas/svn/swtools, I can browse this
> repository remotely through IE, If I try to browse it from a non-domain
> login, I get a popup asking for my username/password, as expected. The
> Apache log entry for an access from IE looks like (data changed to
> protect the guilty):
>
> 123.321.101.58 - yoyodyne\\wilsond [24/Aug/2007:11:59:02 -0400] "GET
> /svn/swtools/ HTTP/1.1" 200 259
>
> However, when I try to checkout using TSVN, I get a popup saying
>
> Error PROPFIND request failed on ‘svn/swtools’
> Error PROPFIND of ‘svn/swtools’: authorization failed (http://legolas)
>
> Which mimics the errors I get when trying to checkout from the command line:
>
> > svn checkout http://legolas/svn/swtools> svn: PROPFIND request failed on '/svn/swtools'
> svn: PROPFIND of '/svn/swtools': authorization failed (http://legolas)
>
> In each case, the Apache log entry looks like
>
> 123.321.101.58 - - [24/Aug/2007:12:00:19 -0400] "PROPFIND /svn/swtools
> HTTP/1.1" 401 509
>

> And we see that TSVN and the svn command are apparently not passing
> credentials to the SVN server. I don’t know if TSVN/svn should be
> pushing the credentials to the SVN server or if the server should be
> pulling them (I’m thinking the latter), but at any rate, it looks as if
> credentials never flow from client to server.

It does *authenticate*. It's the *authorization* that fails. Which means
the automatic authentication succeeds with a user that doesn't have
access rights to the repository (most likely the GUEST user account).

> I have tried flushing my .subversion auth cache, to no avail.

That won't really help if you're using SSPI authentication.

> I have checked the TSVN settings, and I can’t find anything to force
> TSVN to pass the Windows login credentials (I thought this was
> automatic) or other specified credentials to the server.
>
> The fact that the command line checkout fails makes me think the problem
> is deeper than TSVN, but I cannot work it out. I have played with all
> the mod_auth_sspi configs I could dig up, and still no dice. I would
> hate to have to go back to password file authentication.

Follow the the FAQ entry I mentioned above. That should solve your problems.